CVE-2021-36318
https://notcve.org/view.php?id=CVE-2021-36318
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar versiones 18.2,19.1,19.2,19.3,19.4, contienen una vulnerabilidad de almacenamiento de contraseñas en texto plano. Un usuario con muchos privilegios podría explotar esta vulnerabilidad, conllevando a una interrupción completa • https://security.gentoo.org/glsa/202210-09 https://www.dell.com/support/kbdoc/000193369 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVE-2021-36316
https://notcve.org/view.php?id=CVE-2021-36316
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI. Dell EMC Avamar Server versiones 18.2, 19.1, 19.2, 19.3 y 19.4, contienen una vulnerabilidad de administración de privilegios inapropiada en AUI. Un usuario malicioso con altos privilegios podría explotar esta vulnerabilidad, conllevando a una divulgación de la información de AUI y la realización de alguna operación no autorizada en el AUI • https://www.dell.com/support/kbdoc/000193369 • CWE-269: Improper Privilege Management •
CVE-2021-21511
https://notcve.org/view.php?id=CVE-2021-21511
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data. Dell EMC Avamar Server, versiones 19.3 y 19.4, contienen una vulnerabilidad de Autorización Inapropiada en la Interfaz de Usuario web. Un atacante remoto con pocos privilegios podría aprovechar esta vulnerabilidad para obtener acceso no autorizado de lectura o modificación a los datos de respaldo de otros usuarios • https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability • CWE-285: Improper Authorization •
CVE-2020-29495
https://notcve.org/view.php?id=CVE-2020-29495
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. DELL EMC Avamar Server, versiones 19.1, 19.2, 19.3, contienen una vulnerabilidad de inyección de comandos del sistema operativo en Fitness Analyzer. • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-29494
https://notcve.org/view.php?id=CVE-2020-29494
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. Dell EMC Avamar Server, versiones 19.1, 19.2, 19.3, contiene una vulnerabilidad de salto de ruta en PDM. Un usuario remoto podría aprovechar esta vulnerabilidad para conseguir acceso de escritura no autorizado a los archivos arbitrarios almacenados en el sistema de archivos del servidor, causando la eliminación de archivos arbitrarios • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •